[Grok-dev] Password encryption in grokproject generated site.zcml (bug #160196)

Uli Fouquet uli at gnufix.de
Tue Mar 11 09:11:30 EDT 2008

Hi there,

the bug #160196 (grokproject stores password in plaintext in site.zcml)
is waiting for care for a few months new. See


To sum it up, it targets the question whether (and how) the site.zcml
generated by grokproject should store the admin password encrypted.

It _is_ of course possible to change grokproject in a way, so that the
password is stored SHA-1 encrypted, which could make deployment of
grokproject-generated sites more secure. It would touch only newly
generated sites/projects.

My question: could that break any other stuff? What about WSGI/repoze
for example? Is there a use case, where the password has to be plain
text (beside obliviousness of site maintainers)?

Kind regards,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://mail.zope.org/pipermail/grok-dev/attachments/20080311/2ea87eaf/attachment.bin

More information about the Grok-dev mailing list